/// <summary>
/// Sample: reads the current SGX enclave attestation policy, replaces it with a
/// caller-signed policy token, then resets the policy (with and without a signed
/// authorization token).
/// </summary>
/// <remarks>
/// The demo policy <c>authorizationrules{=> permit();}</c> admits every enclave and
/// exists only to exercise the API. A production policy must constrain the enclave's
/// measurements in its authorization rules rather than permitting unconditionally.
/// The <c>#region Snippet:*</c> markers are consumed by the README snippet tooling.
/// </remarks>
public async Task SettingAttestationPolicy()
{
    var endpoint = TestEnvironment.AadAttestationUrl;
    #region Snippet:GetPolicy
    var client = new AttestationAdministrationClient(new Uri(endpoint), new DefaultAzureCredential());
    var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
    var currentPolicy = policyResult.Value.AttestationPolicy;
    #endregion

    #region Snippet:SetPolicy
    // Demo-only policy: "=> permit();" accepts any enclave.
    string attestationPolicy = "version=1.0; authorizationrules{=> permit();}; issuancerules{};";
    var signingCertificate = TestEnvironment.PolicyCertificate0;
    // The policy body is carried Base64Url-encoded inside the stored-policy claim set.
    var storedPolicy = new StoredAttestationPolicy
    {
        AttestationPolicy = Base64Url.EncodeString(attestationPolicy),
    };
    // Sign the policy with the customer's policy signing key so the service can
    // authorize the change against the instance's configured policy signers.
    AttestationToken signedPolicyToken = new SecuredAttestationToken(
        storedPolicy,
        TestEnvironment.PolicySigningKey0,
        signingCertificate);
    var setPolicyResponse = client.SetPolicy(AttestationType.SgxEnclave, signedPolicyToken);
    #endregion

    // Unsigned reset: accepted only when the instance is not in Isolated mode.
    var unsignedReset = client.ResetPolicy(AttestationType.SgxEnclave);

    // Isolated-mode instances require the reset request itself to be signed with a
    // configured policy signing key/certificate to authorize the caller.
    var signedReset = client.ResetPolicy(
        AttestationType.SgxEnclave,
        new SecuredAttestationToken(TestEnvironment.PolicySigningKey0, signingCertificate));
}
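/// <summary>
/// Sample: reads the current SGX enclave attestation policy, replaces it with a
/// caller-signed policy, verifies the service-reported policy token hash against a
/// locally built token, then resets the policy (with and without a signed
/// authorization token).
/// </summary>
/// <remarks>
/// The demo policy <c>authorizationrules{=> permit();}</c> admits every enclave and
/// exists only to exercise the API. A production policy must constrain the enclave's
/// measurements in its authorization rules rather than permitting unconditionally.
/// The <c>#region Snippet:*</c>, <c>//@@</c> and <c>/*@@*/</c> markers are consumed by
/// the README snippet tooling and must be preserved.
/// </remarks>
public async Task SettingAttestationPolicy()
{
    var endpoint = TestEnvironment.AadAttestationUrl;
    #region Snippet:GetPolicy
    var client = new AttestationAdministrationClient(new Uri(endpoint), new DefaultAzureCredential());
    var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
    var result = policyResult.Value;
    #endregion

    #region Snippet:SetPolicy
    // Demo-only policy: "=> permit();" accepts any enclave.
    string attestationPolicy = "version=1.0; authorizationrules{=> permit();}; issuancerules{};";
    //@@ X509Certificate2 policyTokenCertificate = new X509Certificate2(<Attestation Policy Signing Certificate>);
    //@@ AsymmetricAlgorithm policyTokenKey = <Attestation Policy Signing Key>;
    /*@@*/ var policyTokenCertificate = TestEnvironment.PolicyCertificate0;
    /*@@*/ var policyTokenKey = TestEnvironment.PolicySigningKey0;
    var setResult = client.SetPolicy(AttestationType.SgxEnclave, attestationPolicy, new TokenSigningKey(policyTokenKey, policyTokenCertificate));
    #endregion

    #region Snippet:VerifySigningHash
    // The SetPolicyAsync API will create an AttestationToken signed with the TokenSigningKey to transmit the policy.
    // To verify that the policy specified by the caller was received by the service inside the enclave, we
    // verify that the hash of the policy document returned from the Attestation Service matches the hash
    // of an attestation token created locally.
    // NOTE(review): this only holds if the locally built token is byte-identical to the one the client sent,
    // i.e. the signature is deterministic for the key type in use — confirm for non-RSA keys.
    //@@ TokenSigningKey signingKey = new TokenSigningKey(<Customer provided signing key>, <Customer provided certificate>)
    /*@@*/ TokenSigningKey signingKey = new TokenSigningKey(policyTokenKey, policyTokenCertificate);
    var policySetToken = new AttestationToken(
        new StoredAttestationPolicy { AttestationPolicy = attestationPolicy },
        signingKey);
    // SHA256Managed is obsolete (SYSLIB0021); SHA256.Create() is the supported factory.
    using var shaHasher = SHA256.Create();
    var attestationPolicyHash = shaHasher.ComputeHash(Encoding.UTF8.GetBytes(policySetToken.ToString()));
    // Debug.Assert is compiled out of Release builds, which would silently drop this verification
    // step; fail explicitly so a hash mismatch can never go unnoticed.
    if (!attestationPolicyHash.SequenceEqual(setResult.Value.PolicyTokenHash))
    {
        throw new InvalidOperationException(
            "The policy token hash returned by the attestation service does not match the locally computed hash.");
    }
    #endregion

    // Unsigned reset: accepted only when the instance is not in Isolated mode.
    var resetResult = client.ResetPolicy(AttestationType.SgxEnclave);

    // When the attestation instance is in Isolated mode, the ResetPolicy API requires using a signing key/certificate to authorize the user.
    var resetResult2 = client.ResetPolicy(
        AttestationType.SgxEnclave,
        new TokenSigningKey(TestEnvironment.PolicySigningKey0, policyTokenCertificate));
}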
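/// <summary>
/// Sample: reads the current SGX enclave attestation policy, replaces it with a
/// caller-signed policy, verifies the service-reported policy token hash against a
/// locally built token, then resets the policy (with and without a signed
/// authorization token).
/// </summary>
/// <remarks>
/// The demo policy <c>authorizationrules{=> permit();}</c> admits every enclave and
/// exists only to exercise the API. A production policy must constrain the enclave's
/// measurements in its authorization rules rather than permitting unconditionally.
/// The <c>#region Snippet:*</c> markers are consumed by the README snippet tooling.
/// </remarks>
public async Task SettingAttestationPolicy()
{
    var endpoint = TestEnvironment.AadAttestationUrl;
    #region Snippet:GetPolicy
    var client = new AttestationAdministrationClient(new Uri(endpoint), new DefaultAzureCredential());
    var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
    var result = policyResult.Value;
    #endregion

    #region Snippet:SetPolicy
    // Demo-only policy: "=> permit();" accepts any enclave.
    string attestationPolicy = "version=1.0; authorizationrules{=> permit();}; issuancerules{};";
    var policyTokenSigner = TestEnvironment.PolicyCertificate0;
    var setResult = client.SetPolicy(AttestationType.SgxEnclave, attestationPolicy, TestEnvironment.PolicySigningKey0, policyTokenSigner);
    #endregion

    #region Snippet:VerifySigningHash
    // The SetPolicyAsync API will create a SecuredAttestationToken to transmit the policy.
    // Rebuild that token locally and compare its SHA-256 with the hash the service reports, so we
    // know the policy the service stored is the one we sent.
    // NOTE(review): this only holds if the locally built token is byte-identical to the one the client
    // sent, i.e. the signature is deterministic for the key type in use — confirm for non-RSA keys.
    var policySetToken = new SecuredAttestationToken(
        new StoredAttestationPolicy { AttestationPolicy = attestationPolicy },
        TestEnvironment.PolicySigningKey0,
        policyTokenSigner);
    // SHA256Managed is obsolete (SYSLIB0021); SHA256.Create() is the supported factory. The hasher
    // is IDisposable, so dispose it instead of leaking it as the original did.
    using var shaHasher = SHA256.Create();
    var attestationPolicyHash = shaHasher.ComputeHash(Encoding.UTF8.GetBytes(policySetToken.ToString()));
    CollectionAssert.AreEqual(attestationPolicyHash, setResult.Value.PolicyTokenHash);
    #endregion

    // Unsigned reset: accepted only when the instance is not in Isolated mode.
    var resetResult = client.ResetPolicy(AttestationType.SgxEnclave);

    // When the attestation instance is in Isolated mode, the ResetPolicy API requires using a signing key/certificate to authorize the user.
    var resetResult2 = client.ResetPolicy(
        AttestationType.SgxEnclave,
        TestEnvironment.PolicySigningKey0,
        policyTokenSigner);
}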